---
# Build prerequisites: compiler toolchain and helper packages for each
# supported distribution family. Every task in this block is skipped unless
# nginx_install_source_build_tools evaluates to true.
- name: "Check for build tools"
  when: nginx_install_source_build_tools | bool
  block:
    # Applies only to RedHat-family hosts whose major version equals 8.
    - name: "(CentOS/RHEL 8) Setup Python 3"
      when:
        - ansible_facts['os_family'] == "RedHat"
        - ansible_facts['distribution_major_version'] is version('8', '==')
      block:
        - name: "(CentOS/RHEL 8) Install Python 3"
          yum:
            update_cache: true
            name:
              - python3
              - python3-pip
              - python3-devel

        # Registers /usr/bin/python3 as the "python" alternative behind the
        # /usr/bin/python link.
        - name: "(Centos/RHEL 8) Set Python 3 as default"
          alternatives:
            name: python
            link: /usr/bin/python
            path: /usr/bin/python3

    - name: "(Centos/RHEL) Install build tools"
      when: ansible_facts['os_family'] == "RedHat"
      yum:
        update_cache: true
        name:
          - "@Development tools"
          - ca-certificates
          - gcc
          - gd
          - gd-devel
          - glibc
          - glibc-common
          - perl-core
          - wget
          - zlib-devel

    # NOTE(review): the repository line uses plain http. APT normally
    # authenticates packages through signed repository metadata; confirm
    # that signature checking is not disabled on the target hosts.
    - name: "(Debian) Install backports repo for 'buster'"
      when: ansible_facts['distribution_release'] == "buster"
      apt_repository:
        repo: deb http://ftp.us.debian.org/debian buster-backports main
        filename: buster-backports
        mode: "0644"
        update_cache: true

    - name: "(Debian/Ubuntu) Install build tools"
      when: ansible_facts['os_family'] == "Debian"
      apt:
        update_cache: true
        name:
          - build-essential
          - checkinstall
          - libtemplate-perl
          - python3-minimal
          - perl
          - tar
          - zlib1g-dev

    - name: "(Alpine Linux) Install build tools"
      when: ansible_facts['os_family'] == "Alpine"
      apk:
        update_cache: true
        name:
          - alpine-sdk
          - build-base
          - git
          - openrc
          - perl
          - python3
          - linux-headers
          - tar
          - wget

    # Writes an empty /run/openrc/softlevel owned by root; with force
    # disabled an existing file is left untouched.
    - name: "(Alpine Linux) Enable OpenRC"
      when: ansible_facts['os_family'] == "Alpine"
      copy:
        dest: /run/openrc/softlevel
        content: ""
        force: false
        owner: root
        mode: "0644"
# Records, per dependency, whether a path named after its version variable
# already exists under /tmp. The results are registered as pcre_result,
# zlib_result and openssl_result and gate the source builds in this file.
# NOTE(review): /tmp is normally writable by every local account and these
# names are predictable, so the marker can exist without this role having
# created it. A root-owned build directory would make the check trustworthy.
- name: "Check for source installs"
  block:
    - name: "Check for PCRE install"
      register: pcre_result
      stat:
        path: "/tmp/{{ pcre_version }}"

    - name: "Check for ZLib install"
      register: zlib_result
      stat:
        path: "/tmp/{{ zlib_version }}"

    - name: "Check for OpenSSL install"
      register: openssl_result
      stat:
        path: "/tmp/{{ openssl_version }}"
# PCRE development package, one task per distribution family.
# Note the polarity: these tasks run when nginx_install_source_pcre is
# truthy, i.e. a true value selects the distribution package here.
- name: "(CentOS/RHEL) Install PCRE dependency from package"
  when:
    - nginx_install_source_pcre | bool
    - ansible_facts['os_family'] == "RedHat"
  yum:
    update_cache: true
    name: pcre-devel

- name: "(Debian/Ubuntu) Install PCRE dependency from package"
  when:
    - nginx_install_source_pcre | bool
    - ansible_facts['os_family'] == "Debian"
  apt:
    update_cache: true
    name: libpcre3-dev

- name: "(Alpine Linux) Install PCRE dependency from package"
  when:
    - nginx_install_source_pcre | bool
    - ansible_facts['os_family'] == "Alpine"
  apk:
    update_cache: true
    name: pcre-dev
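# Downloads a PCRE release tarball, unpacks it under /tmp, then runs
# ./configure, make and make install in the unpacked tree. The block runs
# only when /tmp/<pcre_version> does not exist yet and
# nginx_install_source_pcre is falsy.
- name: "Install PCRE dependence from source"
  block:
    - name: "Download PCRE dependency"
      get_url:
        url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
        dest: "/tmp/{{ pcre_version }}.tar.gz"
        mode: "0600"
        # Optional integrity pin in get_url's "<algorithm>:<digest>" form.
        # pcre_checksum is a new, optional variable; while it is undefined
        # the parameter is omitted and the download behaves as before.
        checksum: "{{ pcre_checksum | default(omit) }}"
        # Certificate verification is switched off on RedHat-family hosts
        # with major version 6. On those hosts the transport does not
        # authenticate the archive that is compiled and installed below,
        # so a pinned checksum is the only integrity control.
        validate_certs: >-
          {{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
      register: pcre_source

    - name: "Unpack PCRE dependency"
      unarchive:
        # The archive already sits on the managed host; remote_src is the
        # supported replacement for the deprecated "copy: no".
        remote_src: true
        src: "{{ pcre_source.dest }}"
        dest: /tmp/
        mode: "0700"

    - name: "Configure PCRE dependency"
      command: "./configure"
      args:
        chdir: "/tmp/{{ pcre_version }}"

    - name: "Make PCRE dependency"
      make:
        chdir: "/tmp/{{ pcre_version }}"

    - name: "Install PCRE dependency"
      make:
        chdir: "/tmp/{{ pcre_version }}"
        target: install
  when:
    - not pcre_result.stat.exists | bool
    - not nginx_install_source_pcre | bool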
# zlib development package, one task per distribution family.
# Note the polarity: these tasks run when nginx_install_source_zlib is
# truthy, i.e. a true value selects the distribution package here.
- name: "(Centos/RHEL) Install ZLib dependency from package"
  when:
    - nginx_install_source_zlib | bool
    - ansible_facts['os_family'] == "RedHat"
  yum:
    update_cache: true
    name: zlib-devel

- name: "(Debian/Ubuntu) Install ZLib dependency from package"
  when:
    - nginx_install_source_zlib | bool
    - ansible_facts['os_family'] == "Debian"
  apt:
    update_cache: true
    name: zlib1g-dev

- name: "(Alpine Linux) Install ZLib dependency from package"
  when:
    - nginx_install_source_zlib | bool
    - ansible_facts['os_family'] == "Alpine"
  apk:
    update_cache: true
    name: zlib-dev
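# Downloads a zlib release tarball, unpacks it under /tmp, then runs
# ./configure, make and make install in the unpacked tree. The block runs
# only when /tmp/<zlib_version> does not exist yet and
# nginx_install_source_zlib is falsy.
- name: "Install ZLib dependency from source"
  block:
    - name: "Download ZLib dependency"
      get_url:
        url: "https://zlib.net/{{ zlib_version }}.tar.gz"
        dest: "/tmp/{{ zlib_version }}.tar.gz"
        mode: "0600"
        # Optional integrity pin in get_url's "<algorithm>:<digest>" form.
        # zlib_checksum is a new, optional variable; while it is undefined
        # the parameter is omitted and the download behaves as before.
        checksum: "{{ zlib_checksum | default(omit) }}"
        # Certificate verification is switched off on RedHat-family hosts
        # with major version 6. On those hosts the transport does not
        # authenticate the archive that is compiled and installed below,
        # so a pinned checksum is the only integrity control.
        validate_certs: >-
          {{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
      register: zlib_source

    - name: "Unpack ZLib dependency"
      unarchive:
        # The archive already sits on the managed host; remote_src is the
        # supported replacement for the deprecated "copy: no".
        remote_src: true
        src: "{{ zlib_source.dest }}"
        dest: /tmp/
        mode: "0700"

    - name: "Configure ZLib dependency"
      command: "./configure"
      args:
        chdir: "/tmp/{{ zlib_version }}"

    - name: "Make ZLib dependency"
      make:
        chdir: "/tmp/{{ zlib_version }}"

    - name: "Install ZLib dependency"
      make:
        chdir: "/tmp/{{ zlib_version }}"
        target: install
  when:
    - not zlib_result.stat.exists | bool
    - not nginx_install_source_zlib | bool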
# OpenSSL development package, one task per distribution family.
# Note the polarity: these tasks run when nginx_install_source_openssl is
# truthy, i.e. a true value selects the distribution package here.
- name: "(CentOS/RHEL) Install OpenSSL dependency from package"
  when:
    - nginx_install_source_openssl | bool
    - ansible_facts['os_family'] == "RedHat"
  yum:
    update_cache: true
    name: openssl-devel

- name: "(Debian/Ubuntu) Install OpenSSL dependency from package"
  when:
    - nginx_install_source_openssl | bool
    - ansible_facts['os_family'] == "Debian"
  apt:
    update_cache: true
    name: libssl-dev

- name: "(Alpine Linux) Install OpenSSL dependency from package"
  when:
    - nginx_install_source_openssl | bool
    - ansible_facts['os_family'] == "Alpine"
  apk:
    update_cache: true
    name: openssl-dev
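# Downloads an OpenSSL release tarball, unpacks it under /tmp, then runs
# ./config (prefix /usr/local/openssl), make and make install in the
# unpacked tree. The block runs only when /tmp/<openssl_version> does not
# exist yet and nginx_install_source_openssl is falsy.
- name: "Install OpenSSL dependency from source"
  block:
    - name: "Download OpenSSL dependency"
      get_url:
        url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
        dest: "/tmp/{{ openssl_version }}.tar.gz"
        mode: "0600"
        # Optional integrity pin in get_url's "<algorithm>:<digest>" form.
        # openssl_checksum is a new, optional variable; while it is
        # undefined the parameter is omitted and the download behaves as
        # before.
        checksum: "{{ openssl_checksum | default(omit) }}"
        # Certificate verification is switched off on RedHat-family hosts
        # with major version 6. On those hosts the transport does not
        # authenticate the TLS library source that is compiled and
        # installed below, so a pinned checksum is the only integrity
        # control.
        validate_certs: >-
          {{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
      register: openssl_source

    - name: "Unpack OpenSSL dependency"
      unarchive:
        # The archive already sits on the managed host; remote_src is the
        # supported replacement for the deprecated "copy: no".
        remote_src: true
        src: "{{ openssl_source.dest }}"
        dest: /tmp/
        mode: "0700"

    - name: "Configure OpenSSL dependency"
      command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
      args:
        chdir: "/tmp/{{ openssl_version }}"

    - name: "Make OpenSSL dependency"
      make:
        chdir: "/tmp/{{ openssl_version }}"

    - name: "Install OpenSSL dependency"
      make:
        chdir: "/tmp/{{ openssl_version }}"
        target: install
  when:
    - not openssl_result.stat.exists | bool
    - not nginx_install_source_openssl | bool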
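# Derives the NGINX release name by scraping the trac.nginx.org source
# browser page, then stores it as nginx_version and nginx_download_name.
# The scraped text is later interpolated into a download URL and into
# filesystem paths, so it is validated before it is used.
- name: "Get NGINX version"
  block:
    - name: "Fetch NGINX version"
      uri:
        url: https://trac.nginx.org/nginx/browser
        return_content: true
        # Certificate verification is switched off on RedHat-family hosts
        # with major version 6, so on those hosts the page content is not
        # authenticated.
        validate_certs: >-
          {{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
      register: nginx_versions

    # First "release..." token on the page, with "release" renamed to "nginx".
    - name: "Set NGINX mainline version"
      set_fact:
        nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}"
      when: nginx_branch == "mainline"

    # Two passes: the first "stable..." token becomes a "release..." prefix,
    # which the second pass expands to the full matching token on the page.
    - name: "Set NGINX stable version 1/2"
      set_fact:
        nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}"
      when: nginx_branch == "stable"

    - name: "Set NGINX stable version 2/2"
      set_fact:
        nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}"
      when: nginx_branch == "stable"

    # The patterns above accept any run of characters other than "<".
    # Fail here unless the result looks like nginx-<dotted digits>, so that
    # unexpected page content never reaches the download URL or a chdir path.
    - name: "Validate NGINX version string"
      assert:
        that:
          - "nginx_version is match('^nginx-[0-9]+([.][0-9]+)+$')"
        msg: "Unexpected NGINX version string: {{ nginx_version }}"

    - name: "Set NGINX download filename"
      set_fact:
        nginx_download_name: "{{ nginx_version }}"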
# Looks for an existing NGINX binary at /usr/sbin/nginx, following
# symlinks. The result is registered as nginx_result.
- name: "Check for NGINX install"
  register: nginx_result
  stat:
    follow: true
    path: /usr/sbin/nginx
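# Account named "nginx". It is created as a system account without a home
# directory, on the assumption that it is only used to run the NGINX
# processes. Both options apply when the account is created; an account
# that already exists is not converted.
# NOTE(review): consider also setting a non-login shell. The nologin path
# differs between distribution families, so it is not set here.
- name: "Add NGINX user"
  user:
    name: nginx
    system: true
    create_home: false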
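# Downloads the NGINX source tarball, builds and installs it, then installs
# the service definition that matches the host's service manager. The whole
# block is skipped when /usr/sbin/nginx already exists (nginx_result).
- name: "Install NGINX"
  block:
    - name: "Download NGINX"
      get_url:
        url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz"
        dest: "/tmp/{{ nginx_download_name }}.tar.gz"
        mode: "0600"
        # Optional integrity pin in get_url's "<algorithm>:<digest>" form.
        # nginx_checksum is a new, optional variable; while it is undefined
        # the parameter is omitted and the download behaves as before.
        # The version is resolved at run time, so a pin only fits when the
        # version is fixed as well.
        checksum: "{{ nginx_checksum | default(omit) }}"
        # Certificate verification is switched off on RedHat-family hosts
        # with major version 6. On those hosts the transport does not
        # authenticate the archive that is compiled and installed below.
        validate_certs: >-
          {{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
      register: nginx_source

    - name: "Unpack NGINX"
      unarchive:
        # The archive already sits on the managed host; remote_src is the
        # supported replacement for the deprecated "copy: no".
        remote_src: true
        src: "{{ nginx_source.dest }}"
        dest: /tmp/
        mode: "0755"

    # The three trailing expressions add --with-pcre/--with-zlib/
    # --with-openssl pointing at the sibling source trees under /tmp when
    # the matching nginx_install_source_* switch is falsy. "| bool" keeps
    # that decision consistent with the "when" conditions elsewhere in this
    # file when a switch arrives as a string such as "false".
    - name: "Configure NGINX"
      command: >-
        ./configure
        --conf-path=/etc/nginx/nginx.conf
        --error-log-path=/var/log/nginx/error.log
        --http-log-path=/var/log/nginx/access.log
        --lock-path=/var/lock/nginx.lock
        --modules-path=/usr/lib/nginx/modules
        --prefix=/usr
        --pid-path=/var/run/nginx.pid
        --with-http_ssl_module
        --with-mail=dynamic
        --with-stream
        {{ nginx_install_source_pcre | bool | ternary('', '--with-pcre=../' + pcre_version) }}
        {{ nginx_install_source_zlib | bool | ternary('', '--with-zlib=../' + zlib_version) }}
        {{ nginx_install_source_openssl | bool | ternary('', '--with-openssl=../' + openssl_version) }}
      args:
        chdir: "/tmp/{{ nginx_version }}"
      register: nginx_configure

    - name: "Make NGINX"
      make:
        chdir: "/tmp/{{ nginx_version }}"

    - name: "Install NGINX"
      make:
        chdir: "/tmp/{{ nginx_version }}"
        target: install

    # systemd: unit file from the role's files, then reload, enable, restart.
    - name: "Upload systemd NGINX service file"
      copy:
        src: services/nginx.systemd
        dest: /lib/systemd/system/nginx.service
        owner: root
        group: root
        mode: "0644"
      when: ansible_facts['service_mgr'] == "systemd"

    - name: "Enable systemd NGINX service file"
      systemd:
        daemon_reload: true
        name: nginx
        state: restarted
        enabled: true
      when: ansible_facts['service_mgr'] == "systemd"
      notify: "(Handler) Start NGINX"

    # Upstart: init script plus job configuration, then a configuration
    # reload and a direct start of the nginx binary.
    - name: "Upload upstart NGINX service file"
      copy:
        src: services/nginx.upstart
        dest: /etc/init.d/nginx
        owner: root
        group: root
        mode: "0755"
      when: ansible_facts['service_mgr'] == "upstart"

    - name: "Upload Upstart NGINX service conf file"
      copy:
        src: services/nginx.conf.upstart
        dest: /etc/init/nginx.conf
        owner: root
        group: root
        mode: "0644"
      when: ansible_facts['service_mgr'] == "upstart"

    - name: "Enable Upstart NGINX service reload"
      command: "initctl reload-configuration"
      when: ansible_facts['service_mgr'] == "upstart"

    - name: "Start Upstart NGINX service reload"
      command: "nginx"
      when: ansible_facts['service_mgr'] == "upstart"
      notify: "(Handler) Start NGINX"

    # SysVinit: init script only.
    - name: "Upload SysVinit NGINX service file"
      copy:
        src: services/nginx.sysvinit
        dest: /etc/init.d/nginx
        owner: root
        group: root
        mode: "0755"
      when: ansible_facts['service_mgr'] == "sysvinit"
      notify: "(Handler) Start NGINX"

    # OpenRC: init script, then registration in the default runlevel.
    - name: "Upload OpenRC NGINX service file"
      copy:
        src: services/nginx.openrc
        dest: /etc/init.d/nginx
        owner: root
        group: root
        mode: "0755"
      when: ansible_facts['service_mgr'] == "openrc"

    - name: "Enable OpenRC NGINX service"
      command: rc-update add nginx default
      when: ansible_facts['service_mgr'] == "openrc"
      notify: "(Handler) Start NGINX"
  when: not nginx_result.stat.exists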
# Deletes the downloaded tarballs whose paths were registered by the
# download tasks. Only the archives are listed; the unpacked source trees
# under /tmp are not removed by this task.
# NOTE(review): when a download task was skipped, its registered result may
# not carry a "dest" key. Confirm that the loop list still templates
# cleanly in that case, because "item is defined" is evaluated per item.
- name: "Cleanup downloads"
  when: item is defined
  file:
    state: absent
    path: "{{ item }}"
  loop:
    - "{{ pcre_source.dest }}"
    - "{{ zlib_source.dest }}"
    - "{{ openssl_source.dest }}"
    - "{{ nginx_source.dest }}"